Jquery Form Validation for Forms
Question
I am building out a form for registration including the use of credit cards. And I am now at the point of form validation to make sure the user enters the proper data in the proper fields. However it got me thinking. Is it safe to rely on Jquery to do the form validations for this form and is JQuery compatible with all browsers including our favorite IE versions?
As for the general fields such as name, address, city, etc... I am using a JQuery Script that just validates them to be required.
I was going to use this to handle the credit card stuff: http://jquerycreditcardvalidator.com/
Or do you know of a better solution to handle form validation that is very effective and reliable with all major browsers?
1 answers
solution1
2 2014-04-17 21:26:14
Banks and payment processors-related guy here
In my experience, I made many projects meet PCI DDS standards.
Mark my words, you can never rely on client-side validations. jQuery validation can only help the consumer not to make a typing error, miss a field or forget a digit in his credit card. Luhn algorithm for CC# validation most CC# validators use just checks the checksum to avoid skipped or mistyped digits (and even in this it isn't 100% reliable, it only checks usual , common mistakes), it doesn't check if the card number itself is valid.
On the other hand, when a hacker scans your website or tries to hack it, he never uses his browser (and your jQuery scripts). They always use browser-emulating scripts which post the values (dozens, hundreds, millions of tries at one) to your form directly, avoiding your HTML mechanisms and JavaScript validations. You should always, ALWAYS make the validation on the server side. This is a must. Client side validation is just embellishment, convenience, but by no means a security measure.
Moreover, many types of attacks can be run upon your payment form, including SQL injections, XSS attacks, CSRF attacks and they all shall be dealt with on the server side.
Don't ever rely on Javascript and jQuery in terms of security. Be safe!
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.